The function AES_cbc_encrypt has a bug when its input and output parameters are the same which causes it to incorrectly update the IV. All other OpenSSL ..._cbc_encrypt functions happily accept input==output, I don't see a valid reason why AES would be the exception. The attached patch fixes the problem, but a revisitation of the AES CBC functions may be in order in order to optimise (I'm sure it's got to be possible to encrypt/decrypt without memcpying so much)
-- Jon Bright Silicon Circus Ltd. http://www.siliconcircus.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
